Update v1.6.5 and denpendencies

* implement WireGuard protocol for Outbound

* upload license

* fix build for openbsd & dragonfly os

* updated wireguard-go

* fix up

* switch to another wireguard fork

* fix

* switch to upstream

* open connection through internet.Dialer (#1)

* use internet.Dialer

* maybe better code

* fix

* real fix

Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>

* fix bugs & add ability to recover during connection reset on UDP over TCP parent protocols

* improve performance

improve performance

* dns lookup endpoint && remove unused code

* interface address fallback

* better code && add config test case

Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>

.github/workflows/release.yml

@@ -115,17 +115,15 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Show workflow information 
-        id: get_filename
         run: |
           export _NAME=$(jq ".[\"$GOOS-$GOARCH$GOARM$GOMIPS\"].friendlyName" -r < .github/build/friendly-filenames.json)
           echo "GOOS: $GOOS, GOARCH: $GOARCH, GOARM: $GOARM, GOMIPS: $GOMIPS, RELEASE_NAME: $_NAME"
-          echo "::set-output name=ASSET_NAME::$_NAME"
           echo "ASSET_NAME=$_NAME" >> $GITHUB_ENV
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: ^1.17.7
+          go-version: 1.19
           check-latest: true
 
       - name: Get project dependencies
@@ -184,9 +182,9 @@ jobs:
         run: |
           pushd build_assets || exit 1
           touch -mt $(date +%Y01010000) *
-          zip -9vr ../Xray-$ASSET_NAME.zip .
+          zip -9vr ../Xray-${{ env.ASSET_NAME }}.zip .
           popd || exit 1
-          FILE=./Xray-$ASSET_NAME.zip
+          FILE=./Xray-${{ env.ASSET_NAME }}.zip
           DGST=$FILE.dgst
           for METHOD in {"md5","sha1","sha256","sha512"}
           do
@@ -195,20 +193,20 @@ jobs:
 
       - name: Change the name
         run: |
-          mv build_assets Xray-$ASSET_NAME
+          mv build_assets Xray-${{ env.ASSET_NAME }}
 
       - name: Upload files to Artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
-          name: Xray-${{ steps.get_filename.outputs.ASSET_NAME }}
+          name: Xray-${{ env.ASSET_NAME }}
           path: |
-            ./Xray-${{ steps.get_filename.outputs.ASSET_NAME }}/*
+            ./Xray-${{ env.ASSET_NAME }}/*
 
       - name: Upload binaries to release
         uses: svenstaro/upload-release-action@v2
         if: github.event_name == 'release'
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: ./Xray-${{ steps.get_filename.outputs.ASSET_NAME }}.zip*
+          file: ./Xray-${{ env.ASSET_NAME }}.zip*
           tag: ${{ github.ref }}
           file_glob: true

.github/workflows/test.yml

@@ -28,9 +28,9 @@ jobs:
         os: [windows-latest, ubuntu-latest, macos-latest]
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: ^1.17.7
+          go-version: 1.19
           check-latest: true
       - name: Checkout codebase
         uses: actions/checkout@v3

README.md

@@ -1,6 +1,6 @@
 # Project X
 
-[Project X](https://github.com/XTLS) originates from XTLS protocol, provides a set of network tools such as [Xray-core](https://github.com/XTLS/Xray-core) and [Xray-flutter](https://github.com/XTLS/Xray-flutter).
+[Project X](https://github.com/XTLS) originates from XTLS protocol, provides a set of network tools such as [Xray-core](https://github.com/XTLS/Xray-core).
 
 ## License
 
@@ -13,7 +13,6 @@
   - [Xray-script](https://github.com/kirin10000/Xray-script)
 - Docker
   - [teddysun/xray](https://hub.docker.com/r/teddysun/xray)
-  - Xray-docker
 - One Click
   - [ProxySU](https://github.com/proxysu/ProxySU)
   - [v2ray-agent](https://github.com/mack-a/v2ray-agent)
@@ -43,16 +42,17 @@
   - [luci-app-xray](https://github.com/yichya/luci-app-xray) ([openwrt-xray](https://github.com/yichya/openwrt-xray))
 - Windows
   - [v2rayN](https://github.com/2dust/v2rayN)
-  - [Qv2ray](https://github.com/Qv2ray/Qv2ray)  (This project had been archived and currently inactive)
-  - [Netch (NetFilter & TUN/TAP)](https://github.com/NetchX/Netch)
+  - [Qv2ray](https://github.com/Qv2ray/Qv2ray) (This project had been archived and currently inactive)
+  - [Netch (NetFilter & TUN/TAP)](https://github.com/NetchX/Netch) (This project had been archived and currently inactive)
 - Android
   - [v2rayNG](https://github.com/2dust/v2rayNG)
-  - [AnXray](https://github.com/XTLS/AnXray)
   - [Kitsunebi](https://github.com/rurirei/Kitsunebi/tree/release_xtls)
 - iOS & macOS (with M1 chip)
   - [Shadowrocket](https://apps.apple.com/app/shadowrocket/id932747118)
+  - [Stash](https://apps.apple.com/app/stash/id1596063349)
 - macOS (Intel chip & M1 chip)
   - [Qv2ray](https://github.com/Qv2ray/Qv2ray) (This project had been archived and currently inactive)
+  - [V2RayXS](https://github.com/tzmax/V2RayXS)
 
 ## Credits
 
@@ -61,13 +61,17 @@ This repo relies on the following third-party projects:
 - Special thanks:
   - [v2fly/v2ray-core](https://github.com/v2fly/v2ray-core)
 - In production:
+  - [ghodss/yaml](https://github.com/ghodss/yaml)
   - [gorilla/websocket](https://github.com/gorilla/websocket)
   - [lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go)
+  - [pelletier/go-toml](https://github.com/pelletier/go-toml)
   - [pires/go-proxyproto](https://github.com/pires/go-proxyproto)
+  - [refraction-networking/utls](https://github.com/refraction-networking/utls)
   - [seiflotfy/cuckoofilter](https://github.com/seiflotfy/cuckoofilter)
   - [google/starlark-go](https://github.com/google/starlark-go)
 - For testing only:
   - [miekg/dns](https://github.com/miekg/dns)
+  - [stretchr/testify](https://github.com/stretchr/testify)
   - [h12w/socks](https://github.com/h12w/socks)
 
 ## Compilation

app/commander/commander.go

@@ -7,12 +7,11 @@ import (
 	"net"
 	"sync"
 
-	"google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/signal/done"
 	core "github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/outbound"
+	"google.golang.org/grpc"
 )
 
 // Commander is a Xray feature that provides gRPC methods to external clients.

app/commander/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/commander/config.proto
 

app/commander/service.go

@@ -3,10 +3,9 @@ package commander
 import (
 	"context"
 
+	"github.com/xtls/xray-core/common"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/reflection"
-
-	"github.com/xtls/xray-core/common"
 )
 
 // Service is a Commander service.

app/dispatcher/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/dispatcher/config.proto
 

app/dispatcher/default.go

@@ -4,6 +4,7 @@ package dispatcher
 
 import (
 	"context"
+	"fmt"
 	"strings"
 	"sync"
 	"time"
@@ -92,13 +93,17 @@ type DefaultDispatcher struct {
 	router routing.Router
 	policy policy.Manager
 	stats  stats.Manager
-	hosts  dns.HostsLookup
+	dns    dns.Client
+	fdns   dns.FakeDNSEngine
 }
 
 func init() {
 	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 		d := new(DefaultDispatcher)
 		if err := core.RequireFeatures(ctx, func(om outbound.Manager, router routing.Router, pm policy.Manager, sm stats.Manager, dc dns.Client) error {
+			core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
+				d.fdns = fdns
+			})
 			return d.Init(config.(*Config), om, router, pm, sm, dc)
 		}); err != nil {
 			return nil, err
@@ -108,14 +113,12 @@ func init() {
 }
 
 // Init initializes DefaultDispatcher.
-func (d *DefaultDispatcher) Init(config *Config, om outbound.Manager, router routing.Router, pm policy.Manager, sm stats.Manager, dc dns.Client) error {
+func (d *DefaultDispatcher) Init(config *Config, om outbound.Manager, router routing.Router, pm policy.Manager, sm stats.Manager, dns dns.Client) error {
 	d.ohm = om
 	d.router = router
 	d.policy = pm
 	d.stats = sm
-	if hosts, ok := dc.(dns.HostsLookup); ok {
-		d.hosts = hosts
-	}
+	d.dns = dns
 	return nil
 }
 
@@ -132,10 +135,77 @@ func (*DefaultDispatcher) Start() error {
 // Close implements common.Closable.
 func (*DefaultDispatcher) Close() error { return nil }
 
-func (d *DefaultDispatcher) getLink(ctx context.Context) (*transport.Link, *transport.Link) {
-	opt := pipe.OptionsFromContext(ctx)
-	uplinkReader, uplinkWriter := pipe.New(opt...)
-	downlinkReader, downlinkWriter := pipe.New(opt...)
+func (d *DefaultDispatcher) getLink(ctx context.Context, network net.Network, sniffing session.SniffingRequest) (*transport.Link, *transport.Link) {
+	downOpt := pipe.OptionsFromContext(ctx)
+	upOpt := downOpt
+
+	if network == net.Network_UDP {
+		var ip2domain *sync.Map // net.IP.String() => domain, this map is used by server side when client turn on fakedns
+		// Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
+		// When target replies, server will restore the domain and send back to client.
+		// Note: this map is not global but per connection context
+		upOpt = append(upOpt, pipe.OnTransmission(func(mb buf.MultiBuffer) buf.MultiBuffer {
+			for i, buffer := range mb {
+				if buffer.UDP == nil {
+					continue
+				}
+				addr := buffer.UDP.Address
+				if addr.Family().IsIP() {
+					if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(addr) && sniffing.Enabled {
+						domain := fkr0.GetDomainFromFakeDNS(addr)
+						if len(domain) > 0 {
+							buffer.UDP.Address = net.DomainAddress(domain)
+							newError("[fakedns client] override with domain: ", domain, " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+						} else {
+							newError("[fakedns client] failed to find domain! :", addr.String(), " for xUDP buffer at ", i).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+						}
+					}
+				} else {
+					if ip2domain == nil {
+						ip2domain = new(sync.Map)
+						newError("[fakedns client] create a new map").WriteToLog(session.ExportIDToError(ctx))
+					}
+					domain := addr.Domain()
+					ips, err := d.dns.LookupIP(domain, dns.IPOption{true, true, false})
+					if err == nil {
+						for _, ip := range ips {
+							ip2domain.Store(ip.String(), domain)
+						}
+						newError("[fakedns client] candidate ip: "+fmt.Sprintf("%v", ips), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+					} else {
+						newError("[fakedns client] failed to look up IP for ", domain, " for xUDP buffer at ", i).Base(err).WriteToLog(session.ExportIDToError(ctx))
+					}
+				}
+			}
+			return mb
+		}))
+		downOpt = append(downOpt, pipe.OnTransmission(func(mb buf.MultiBuffer) buf.MultiBuffer {
+			for i, buffer := range mb {
+				if buffer.UDP == nil {
+					continue
+				}
+				addr := buffer.UDP.Address
+				if addr.Family().IsIP() {
+					if ip2domain == nil {
+						continue
+					}
+					if domain, found := ip2domain.Load(addr.IP().String()); found {
+						buffer.UDP.Address = net.DomainAddress(domain.(string))
+						newError("[fakedns client] restore domain: ", domain.(string), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+					}
+				} else {
+					if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok {
+						fakeIp := fkr0.GetFakeIPForDomain(addr.Domain())
+						buffer.UDP.Address = fakeIp[0]
+						newError("[fakedns client] restore FakeIP: ", buffer.UDP, fmt.Sprintf("%v", fakeIp), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx))
+					}
+				}
+			}
+			return mb
+		}))
+	}
+	uplinkReader, uplinkWriter := pipe.New(upOpt...)
+	downlinkReader, downlinkWriter := pipe.New(downOpt...)
 
 	inboundLink := &transport.Link{
 		Reader: downlinkReader,
@@ -178,17 +248,16 @@ func (d *DefaultDispatcher) getLink(ctx context.Context) (*transport.Link, *tran
 	return inboundLink, outboundLink
 }
 
-func shouldOverride(ctx context.Context, result SniffResult, request session.SniffingRequest, destination net.Destination) bool {
+func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResult, request session.SniffingRequest, destination net.Destination) bool {
 	domain := result.Domain()
+	if domain == "" {
+		return false
+	}
 	for _, d := range request.ExcludeForDomain {
 		if strings.ToLower(domain) == d {
 			return false
 		}
 	}
-	var fakeDNSEngine dns.FakeDNSEngine
-	core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
-		fakeDNSEngine = fdns
-	})
 	protocolString := result.Protocol()
 	if resComp, ok := result.(SnifferResultComposite); ok {
 		protocolString = resComp.ProtocolForDomainResult()
@@ -197,7 +266,7 @@ func shouldOverride(ctx context.Context, result SniffResult, request session.Sni
 		if strings.HasPrefix(protocolString, p) {
 			return true
 		}
-		if fkr0, ok := fakeDNSEngine.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
+		if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
 			destination.Address.Family().IsIP() && fkr0.IsIPInIPPool(destination.Address) {
 			newError("Using sniffer ", protocolString, " since the fake DNS missed").WriteToLog(session.ExportIDToError(ctx))
 			return true
@@ -221,45 +290,27 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin
 		Target: destination,
 	}
 	ctx = session.ContextWithOutbound(ctx, ob)
-
-	inbound, outbound := d.getLink(ctx)
 	content := session.ContentFromContext(ctx)
 	if content == nil {
 		content = new(session.Content)
 		ctx = session.ContextWithContent(ctx, content)
 	}
+
 	sniffingRequest := content.SniffingRequest
-	switch {
-	case !sniffingRequest.Enabled:
+	inbound, outbound := d.getLink(ctx, destination.Network, sniffingRequest)
+	if !sniffingRequest.Enabled {
 		go d.routedDispatch(ctx, outbound, destination)
-	case destination.Network != net.Network_TCP:
-		// Only metadata sniff will be used for non tcp connection
-		result, err := sniffer(ctx, nil, true)
-		if err == nil {
-			content.Protocol = result.Protocol()
-			if shouldOverride(ctx, result, sniffingRequest, destination) {
-				domain := result.Domain()
-				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
-				destination.Address = net.ParseAddress(domain)
-				if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" {
-					ob.RouteTarget = destination
-				} else {
-					ob.Target = destination
-				}
-			}
-		}
-		go d.routedDispatch(ctx, outbound, destination)
-	default:
+	} else {
 		go func() {
 			cReader := &cachedReader{
 				reader: outbound.Reader.(*pipe.Reader),
 			}
 			outbound.Reader = cReader
-			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly)
+			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly, destination.Network)
 			if err == nil {
 				content.Protocol = result.Protocol()
 			}
-			if err == nil && shouldOverride(ctx, result, sniffingRequest, destination) {
+			if err == nil && d.shouldOverride(ctx, result, sniffingRequest, destination) {
 				domain := result.Domain()
 				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
 				destination.Address = net.ParseAddress(domain)
@@ -290,37 +341,19 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De
 		ctx = session.ContextWithContent(ctx, content)
 	}
 	sniffingRequest := content.SniffingRequest
-	switch {
-	case !sniffingRequest.Enabled:
+	if !sniffingRequest.Enabled {
 		go d.routedDispatch(ctx, outbound, destination)
-	case destination.Network != net.Network_TCP:
-		// Only metadata sniff will be used for non tcp connection
-		result, err := sniffer(ctx, nil, true)
-		if err == nil {
-			content.Protocol = result.Protocol()
-			if shouldOverride(ctx, result, sniffingRequest, destination) {
-				domain := result.Domain()
-				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
-				destination.Address = net.ParseAddress(domain)
-				if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" {
-					ob.RouteTarget = destination
-				} else {
-					ob.Target = destination
-				}
-			}
-		}
-		go d.routedDispatch(ctx, outbound, destination)
-	default:
+	} else {
 		go func() {
 			cReader := &cachedReader{
 				reader: outbound.Reader.(*pipe.Reader),
 			}
 			outbound.Reader = cReader
-			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly)
+			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly, destination.Network)
 			if err == nil {
 				content.Protocol = result.Protocol()
 			}
-			if err == nil && shouldOverride(ctx, result, sniffingRequest, destination) {
+			if err == nil && d.shouldOverride(ctx, result, sniffingRequest, destination) {
 				domain := result.Domain()
 				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
 				destination.Address = net.ParseAddress(domain)
@@ -333,10 +366,11 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De
 			d.routedDispatch(ctx, outbound, destination)
 		}()
 	}
+
 	return nil
 }
 
-func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool) (SniffResult, error) {
+func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool, network net.Network) (SniffResult, error) {
 	payload := buf.New()
 	defer payload.Release()
 
@@ -362,7 +396,7 @@ func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool) (Sni
 
 				cReader.Cache(payload)
 				if !payload.IsEmpty() {
-					result, err := sniffer.Sniff(ctx, payload.Bytes())
+					result, err := sniffer.Sniff(ctx, payload.Bytes(), network)
 					if err != common.ErrNoClue {
 						return result, err
 					}
@@ -384,8 +418,8 @@ func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool) (Sni
 
 func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.Link, destination net.Destination) {
 	ob := session.OutboundFromContext(ctx)
-	if d.hosts != nil && destination.Address.Family().IsDomain() {
-		proxied := d.hosts.LookupHosts(ob.Target.String())
+	if hosts, ok := d.dns.(dns.HostsLookup); ok && destination.Address.Family().IsDomain() {
+		proxied := hosts.LookupHosts(ob.Target.String())
 		if proxied != nil {
 			ro := ob.RouteTarget == destination
 			destination.Address = *proxied
@@ -399,9 +433,13 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 
 	var handler outbound.Handler
 
+	routingLink := routing_session.AsRoutingContext(ctx)
+	inTag := routingLink.GetInboundTag()
+	isPickRoute := 0
 	if forcedOutboundTag := session.GetForcedOutboundTagFromContext(ctx); forcedOutboundTag != "" {
 		ctx = session.SetForcedOutboundTagToContext(ctx, "")
 		if h := d.ohm.GetHandler(forcedOutboundTag); h != nil {
+			isPickRoute = 1
 			newError("taking platform initialized detour [", forcedOutboundTag, "] for [", destination, "]").WriteToLog(session.ExportIDToError(ctx))
 			handler = h
 		} else {
@@ -411,13 +449,14 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 			return
 		}
 	} else if d.router != nil {
-		if route, err := d.router.PickRoute(routing_session.AsRoutingContext(ctx)); err == nil {
-			tag := route.GetOutboundTag()
-			if h := d.ohm.GetHandler(tag); h != nil {
-				newError("taking detour [", tag, "] for [", destination, "]").WriteToLog(session.ExportIDToError(ctx))
+		if route, err := d.router.PickRoute(routingLink); err == nil {
+			outTag := route.GetOutboundTag()
+			if h := d.ohm.GetHandler(outTag); h != nil {
+				isPickRoute = 2
+				newError("taking detour [", outTag, "] for [", destination, "]").WriteToLog(session.ExportIDToError(ctx))
 				handler = h
 			} else {
-				newError("non existing outTag: ", tag).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+				newError("non existing outTag: ", outTag).AtWarning().WriteToLog(session.ExportIDToError(ctx))
 			}
 		} else {
 			newError("default route for ", destination).WriteToLog(session.ExportIDToError(ctx))
@@ -437,7 +476,15 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 
 	if accessMessage := log.AccessMessageFromContext(ctx); accessMessage != nil {
 		if tag := handler.Tag(); tag != "" {
-			accessMessage.Detour = tag
+			if inTag == "" {
+				accessMessage.Detour = tag
+			} else if isPickRoute == 1 {
+				accessMessage.Detour = inTag + " ==> " + tag
+			} else if isPickRoute == 2 {
+				accessMessage.Detour = inTag + " -> " + tag
+			} else {
+				accessMessage.Detour = inTag + " >> " + tag
+			}
 		}
 		log.Record(accessMessage)
 	}

app/dispatcher/fakednssniffer.go

@@ -14,12 +14,13 @@ import (
 // newFakeDNSSniffer Creates a Fake DNS metadata sniffer
 func newFakeDNSSniffer(ctx context.Context) (protocolSnifferWithMetadata, error) {
 	var fakeDNSEngine dns.FakeDNSEngine
-	err := core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
-		fakeDNSEngine = fdns
-	})
-	if err != nil {
-		return protocolSnifferWithMetadata{}, err
+	{
+		fakeDNSEngineFeat := core.MustFromContext(ctx).GetFeature((*dns.FakeDNSEngine)(nil))
+		if fakeDNSEngineFeat != nil {
+			fakeDNSEngine = fakeDNSEngineFeat.(dns.FakeDNSEngine)
+		}
 	}
+
 	if fakeDNSEngine == nil {
 		errNotInit := newError("FakeDNSEngine is not initialized, but such a sniffer is used").AtError()
 		return protocolSnifferWithMetadata{}, errNotInit
@@ -84,7 +85,8 @@ func (f DNSThenOthersSniffResult) Domain() string {
 }
 
 func newFakeDNSThenOthers(ctx context.Context, fakeDNSSniffer protocolSnifferWithMetadata, others []protocolSnifferWithMetadata) (
-	protocolSnifferWithMetadata, error) { // nolint: unparam
+	protocolSnifferWithMetadata, error,
+) { // nolint: unparam
 	// ctx may be used in the future
 	_ = ctx
 	return protocolSnifferWithMetadata{

app/dispatcher/sniffer.go

@@ -4,8 +4,10 @@ import (
 	"context"
 
 	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol/bittorrent"
 	"github.com/xtls/xray-core/common/protocol/http"
+	"github.com/xtls/xray-core/common/protocol/quic"
 	"github.com/xtls/xray-core/common/protocol/tls"
 )
 
@@ -22,6 +24,7 @@ type protocolSnifferWithMetadata struct {
 	// for both TCP and UDP connections
 	// It will not be shown as a traffic type for routing unless there is no other successful sniffing.
 	metadataSniffer bool
+	network         net.Network
 }
 
 type Sniffer struct {
@@ -31,9 +34,11 @@ type Sniffer struct {
 func NewSniffer(ctx context.Context) *Sniffer {
 	ret := &Sniffer{
 		sniffer: []protocolSnifferWithMetadata{
-			{func(c context.Context, b []byte) (SniffResult, error) { return http.SniffHTTP(b) }, false},
-			{func(c context.Context, b []byte) (SniffResult, error) { return tls.SniffTLS(b) }, false},
-			{func(c context.Context, b []byte) (SniffResult, error) { return bittorrent.SniffBittorrent(b) }, false},
+			{func(c context.Context, b []byte) (SniffResult, error) { return http.SniffHTTP(b) }, false, net.Network_TCP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return tls.SniffTLS(b) }, false, net.Network_TCP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return bittorrent.SniffBittorrent(b) }, false, net.Network_TCP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return quic.SniffQUIC(b) }, false, net.Network_UDP},
+			{func(c context.Context, b []byte) (SniffResult, error) { return bittorrent.SniffUTP(b) }, false, net.Network_UDP},
 		},
 	}
 	if sniffer, err := newFakeDNSSniffer(ctx); err == nil {
@@ -49,11 +54,11 @@ func NewSniffer(ctx context.Context) *Sniffer {
 
 var errUnknownContent = newError("unknown content")
 
-func (s *Sniffer) Sniff(c context.Context, payload []byte) (SniffResult, error) {
+func (s *Sniffer) Sniff(c context.Context, payload []byte, network net.Network) (SniffResult, error) {
 	var pendingSniffer []protocolSnifferWithMetadata
 	for _, si := range s.sniffer {
 		s := si.protocolSniffer
-		if si.metadataSniffer {
+		if si.metadataSniffer || si.network != network {
 			continue
 		}
 		result, err := s(c, payload)

app/dns/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/dns/config.proto
 

app/dns/dns_test.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/miekg/dns"
-
 	"github.com/xtls/xray-core/app/dispatcher"
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/app/policy"

app/dns/dnscommon.go

@@ -1,16 +1,19 @@
 package dns
 
 import (
+	"context"
 	"encoding/binary"
 	"strings"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/session"
+	"github.com/xtls/xray-core/core"
 	dns_feature "github.com/xtls/xray-core/features/dns"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 // Fqdn normalizes domain make sure it ends with '.'
@@ -226,3 +229,19 @@ L:
 
 	return ipRecord, nil
 }
+
+// toDnsContext create a new background context with parent inbound, session and dns log
+func toDnsContext(ctx context.Context, addr string) context.Context {
+	dnsCtx := core.ToBackgroundDetachedContext(ctx)
+	if inbound := session.InboundFromContext(ctx); inbound != nil {
+		dnsCtx = session.ContextWithInbound(dnsCtx, inbound)
+	}
+	dnsCtx = session.ContextWithContent(dnsCtx, session.ContentFromContext(ctx))
+	dnsCtx = log.ContextWithAccessMessage(dnsCtx, &log.AccessMessage{
+		From:   "DNS",
+		To:     addr,
+		Status: log.AccessAccepted,
+		Reason: "",
+	})
+	return dnsCtx
+}

app/dns/dnscommon_test.go

@@ -7,11 +7,10 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/miekg/dns"
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"
 	dns_feature "github.com/xtls/xray-core/features/dns"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 func Test_parseResponse(t *testing.T) {

app/dns/fakedns/fakedns.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/dns/fakedns/fakedns.proto
 

app/dns/fakedns/fakedns_test.go

@@ -6,13 +6,11 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-
-	"golang.org/x/sync/errgroup"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/uuid"
 	"github.com/xtls/xray-core/features/dns"
+	"golang.org/x/sync/errgroup"
 )
 
 var ipPrefix = "198.1"

app/dns/hosts_test.go

@@ -4,7 +4,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver_doh.go

@@ -11,8 +11,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
@@ -24,6 +22,7 @@ import (
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport/internet"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 // DoHNameServer implemented DNS over HTTPS (RFC8484) Wire Format,
@@ -53,23 +52,11 @@ func NewDoHNameServer(url *url.URL, dispatcher routing.Dispatcher) (*DoHNameServ
 		TLSHandshakeTimeout: 30 * time.Second,
 		ForceAttemptHTTP2:   true,
 		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
-			dispatcherCtx := context.Background()
-
 			dest, err := net.ParseDestination(network + ":" + addr)
 			if err != nil {
 				return nil, err
 			}
-
-			dispatcherCtx = session.ContextWithContent(dispatcherCtx, session.ContentFromContext(ctx))
-			dispatcherCtx = session.ContextWithInbound(dispatcherCtx, session.InboundFromContext(ctx))
-			dispatcherCtx = log.ContextWithAccessMessage(dispatcherCtx, &log.AccessMessage{
-				From:   "DoH",
-				To:     s.dohURL,
-				Status: log.AccessAccepted,
-				Reason: "",
-			})
-
-			link, err := s.dispatcher.Dispatch(dispatcherCtx, dest)
+			link, err := s.dispatcher.Dispatch(toDnsContext(ctx, s.dohURL), dest)
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
@@ -116,7 +103,7 @@ func NewDoHLocalNameServer(url *url.URL) *DoHNameServer {
 			}
 			conn, err := internet.DialSystem(ctx, dest, nil)
 			log.Record(&log.AccessMessage{
-				From:   "DoH",
+				From:   "DNS",
 				To:     s.dohURL,
 				Status: log.AccessAccepted,
 				Detour: "local",

app/dns/nameserver_doh_test.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver_local.go

@@ -3,7 +3,9 @@ package dns
 import (
 	"context"
 	"strings"
+	"time"
 
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/dns/localdns"
@@ -18,6 +20,7 @@ const errEmptyResponse = "No address associated with hostname"
 
 // QueryIP implements Server.
 func (s *LocalNameServer) QueryIP(_ context.Context, domain string, _ net.IP, option dns.IPOption, _ bool) (ips []net.IP, err error) {
+	start := time.Now()
 	ips, err = s.client.LookupIP(domain, option)
 
 	if err != nil && strings.HasSuffix(err.Error(), errEmptyResponse) {
@@ -26,6 +29,7 @@ func (s *LocalNameServer) QueryIP(_ context.Context, domain string, _ net.IP, op
 
 	if len(ips) > 0 {
 		newError("Localhost got answer: ", domain, " -> ", ips).AtInfo().WriteToLog()
+		log.Record(&log.DNSLog{Server: s.Name(), Domain: domain, Result: ips, Status: log.DNSQueried, Elapsed: time.Since(start), Error: err})
 	}
 
 	return

app/dns/nameserver_quic.go

@@ -8,11 +8,9 @@ import (
 	"time"
 
 	"github.com/lucas-clemente/quic-go"
-	"golang.org/x/net/dns/dnsmessage"
-	"golang.org/x/net/http2"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol/dns"
 	"github.com/xtls/xray-core/common/session"
@@ -20,6 +18,8 @@ import (
 	"github.com/xtls/xray-core/common/task"
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/transport/internet/tls"
+	"golang.org/x/net/dns/dnsmessage"
+	"golang.org/x/net/http2"
 )
 
 // NextProtoDQ - During connection establishment, DNS/QUIC support is indicated
@@ -37,7 +37,7 @@ type QUICNameServer struct {
 	reqID       uint32
 	name        string
 	destination *net.Destination
-	session     quic.Session
+	connection  quic.Connection
 }
 
 // NewQUICNameServer creates DNS-over-QUIC client object for local resolving
@@ -194,7 +194,7 @@ func (s *QUICNameServer) sendQuery(ctx context.Context, domain string, clientIP
 
 			conn, err := s.openStream(dnsCtx)
 			if err != nil {
-				newError("failed to open quic session").Base(err).AtError().WriteToLog()
+				newError("failed to open quic connection").Base(err).AtError().WriteToLog()
 				return
 			}
 
@@ -276,6 +276,7 @@ func (s *QUICNameServer) QueryIP(ctx context.Context, domain string, clientIP ne
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
 			newError(s.name, " cache HIT ", domain, " -> ", ips).Base(err).AtDebug().WriteToLog()
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSCacheHit, Elapsed: 0, Error: err})
 			return ips, err
 		}
 	}
@@ -307,10 +308,12 @@ func (s *QUICNameServer) QueryIP(ctx context.Context, domain string, clientIP ne
 		close(done)
 	}()
 	s.sendQuery(ctx, fqdn, clientIP, option)
+	start := time.Now()
 
 	for {
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSQueried, Elapsed: time.Since(start), Error: err})
 			return ips, err
 		}
 
@@ -322,7 +325,7 @@ func (s *QUICNameServer) QueryIP(ctx context.Context, domain string, clientIP ne
 	}
 }
 
-func isActive(s quic.Session) bool {
+func isActive(s quic.Connection) bool {
 	select {
 	case <-s.Context().Done():
 		return false
@@ -331,17 +334,17 @@ func isActive(s quic.Session) bool {
 	}
 }
 
-func (s *QUICNameServer) getSession() (quic.Session, error) {
-	var session quic.Session
+func (s *QUICNameServer) getConnection() (quic.Connection, error) {
+	var conn quic.Connection
 	s.RLock()
-	session = s.session
-	if session != nil && isActive(session) {
+	conn = s.connection
+	if conn != nil && isActive(conn) {
 		s.RUnlock()
-		return session, nil
+		return conn, nil
 	}
-	if session != nil {
-		// we're recreating the session, let's create a new one
-		_ = session.CloseWithError(0, "")
+	if conn != nil {
+		// we're recreating the connection, let's create a new one
+		_ = conn.CloseWithError(0, "")
 	}
 	s.RUnlock()
 
@@ -349,42 +352,48 @@ func (s *QUICNameServer) getSession() (quic.Session, error) {
 	defer s.Unlock()
 
 	var err error
-	session, err = s.openSession()
+	conn, err = s.openConnection()
 	if err != nil {
 		// This does not look too nice, but QUIC (or maybe quic-go)
 		// doesn't seem stable enough.
 		// Maybe retransmissions aren't fully implemented in quic-go?
 		// Anyways, the simple solution is to make a second try when
-		// it fails to open the QUIC session.
-		session, err = s.openSession()
+		// it fails to open the QUIC connection.
+		conn, err = s.openConnection()
 		if err != nil {
 			return nil, err
 		}
 	}
-	s.session = session
-	return session, nil
+	s.connection = conn
+	return conn, nil
 }
 
-func (s *QUICNameServer) openSession() (quic.Session, error) {
+func (s *QUICNameServer) openConnection() (quic.Connection, error) {
 	tlsConfig := tls.Config{}
 	quicConfig := &quic.Config{
 		HandshakeIdleTimeout: handshakeTimeout,
 	}
 
-	session, err := quic.DialAddrContext(context.Background(), s.destination.NetAddr(), tlsConfig.GetTLSConfig(tls.WithNextProto("http/1.1", http2.NextProtoTLS, NextProtoDQ)), quicConfig)
+	conn, err := quic.DialAddrContext(context.Background(), s.destination.NetAddr(), tlsConfig.GetTLSConfig(tls.WithNextProto("http/1.1", http2.NextProtoTLS, NextProtoDQ)), quicConfig)
+	log.Record(&log.AccessMessage{
+		From:   "DNS",
+		To:     s.destination,
+		Status: log.AccessAccepted,
+		Detour: "local",
+	})
 	if err != nil {
 		return nil, err
 	}
 
-	return session, nil
+	return conn, nil
 }
 
 func (s *QUICNameServer) openStream(ctx context.Context) (quic.Stream, error) {
-	session, err := s.getSession()
+	conn, err := s.getConnection()
 	if err != nil {
 		return nil, err
 	}
 
 	// open a new stream
-	return session.OpenStreamSync(ctx)
+	return conn.OpenStreamSync(ctx)
 }

app/dns/nameserver_quic_test.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver_tcp.go

@@ -9,10 +9,9 @@ import (
 	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
+	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/net/cnc"
 	"github.com/xtls/xray-core/common/protocol/dns"
@@ -22,6 +21,7 @@ import (
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport/internet"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 // TCPNameServer implemented DNS over TCP (RFC7766).
@@ -44,7 +44,7 @@ func NewTCPNameServer(url *url.URL, dispatcher routing.Dispatcher) (*TCPNameServ
 	}
 
 	s.dial = func(ctx context.Context) (net.Conn, error) {
-		link, err := dispatcher.Dispatch(ctx, *s.destination)
+		link, err := dispatcher.Dispatch(toDnsContext(ctx, s.destination.String()), *s.destination)
 		if err != nil {
 			return nil, err
 		}
@@ -315,6 +315,7 @@ func (s *TCPNameServer) QueryIP(ctx context.Context, domain string, clientIP net
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
 			newError(s.name, " cache HIT ", domain, " -> ", ips).Base(err).AtDebug().WriteToLog()
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSCacheHit, Elapsed: 0, Error: err})
 			return ips, err
 		}
 	}
@@ -346,10 +347,12 @@ func (s *TCPNameServer) QueryIP(ctx context.Context, domain string, clientIP net
 		close(done)
 	}()
 	s.sendQuery(ctx, fqdn, clientIP, option)
+	start := time.Now()
 
 	for {
 		ips, err := s.findIPsForDomain(fqdn, option)
 		if err != errRecordNotFound {
+			log.Record(&log.DNSLog{Server: s.name, Domain: domain, Result: ips, Status: log.DNSQueried, Elapsed: time.Since(start), Error: err})
 			return ips, err
 		}
 

app/dns/nameserver_tcp_test.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/app/dns"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/dns/nameserver_udp.go

@@ -7,8 +7,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
@@ -17,10 +15,10 @@ import (
 	"github.com/xtls/xray-core/common/session"
 	"github.com/xtls/xray-core/common/signal/pubsub"
 	"github.com/xtls/xray-core/common/task"
-	"github.com/xtls/xray-core/core"
 	dns_feature "github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/transport/internet/udp"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 // ClassicNameServer implemented traditional UDP DNS.
@@ -196,21 +194,7 @@ func (s *ClassicNameServer) sendQuery(ctx context.Context, domain string, client
 	for _, req := range reqs {
 		s.addPendingRequest(req)
 		b, _ := dns.PackMessage(req.msg)
-		udpCtx := core.ToBackgroundDetachedContext(ctx)
-		if inbound := session.InboundFromContext(ctx); inbound != nil {
-			udpCtx = session.ContextWithInbound(udpCtx, inbound)
-		}
-
-		udpCtx = session.ContextWithContent(udpCtx, &session.Content{
-			Protocol: "dns",
-		})
-		udpCtx = log.ContextWithAccessMessage(udpCtx, &log.AccessMessage{
-			From:   "DNS",
-			To:     s.address,
-			Status: log.AccessAccepted,
-			Reason: "",
-		})
-		s.udpServer.Dispatch(udpCtx, *s.address, b)
+		s.udpServer.Dispatch(toDnsContext(ctx, s.address.String()), *s.address, b)
 	}
 }
 

app/log/command/command.go

@@ -5,11 +5,10 @@ package command
 import (
 	"context"
 
-	grpc "google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/app/log"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/core"
+	grpc "google.golang.org/grpc"
 )
 
 type LoggerServer struct {

app/log/command/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/log/command/config.proto
 

app/log/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/log/config.proto
 

app/log/log_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/golang/mock/gomock"
-
 	"github.com/xtls/xray-core/app/log"
 	"github.com/xtls/xray-core/common"
 	clog "github.com/xtls/xray-core/common/log"

app/metrics/config.pb.go

@@ -0,0 +1,149 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.18.0
+// source: app/metrics/config.proto
+
+package metrics
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Config is the settings for metrics.
+type Config struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Tag of the outbound handler that handles metrics http connections.
+	Tag string `protobuf:"bytes,1,opt,name=tag,proto3" json:"tag,omitempty"`
+}
+
+func (x *Config) Reset() {
+	*x = Config{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_app_metrics_config_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Config) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Config) ProtoMessage() {}
+
+func (x *Config) ProtoReflect() protoreflect.Message {
+	mi := &file_app_metrics_config_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Config.ProtoReflect.Descriptor instead.
+func (*Config) Descriptor() ([]byte, []int) {
+	return file_app_metrics_config_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Config) GetTag() string {
+	if x != nil {
+		return x.Tag
+	}
+	return ""
+}
+
+var File_app_metrics_config_proto protoreflect.FileDescriptor
+
+var file_app_metrics_config_proto_rawDesc = []byte{
+	0x0a, 0x18, 0x61, 0x70, 0x70, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2f, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x78, 0x72, 0x61, 0x79,
+	0x2e, 0x61, 0x70, 0x70, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x22, 0x1a, 0x0a, 0x06,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x61, 0x67, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x74, 0x61, 0x67, 0x42, 0x52, 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x2e,
+	0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73,
+	0x50, 0x01, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78,
+	0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70,
+	0x70, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0xaa, 0x02, 0x10, 0x58, 0x72, 0x61, 0x79,
+	0x2e, 0x41, 0x70, 0x70, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_app_metrics_config_proto_rawDescOnce sync.Once
+	file_app_metrics_config_proto_rawDescData = file_app_metrics_config_proto_rawDesc
+)
+
+func file_app_metrics_config_proto_rawDescGZIP() []byte {
+	file_app_metrics_config_proto_rawDescOnce.Do(func() {
+		file_app_metrics_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_app_metrics_config_proto_rawDescData)
+	})
+	return file_app_metrics_config_proto_rawDescData
+}
+
+var file_app_metrics_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_app_metrics_config_proto_goTypes = []interface{}{
+	(*Config)(nil), // 0: xray.app.metrics.Config
+}
+var file_app_metrics_config_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_app_metrics_config_proto_init() }
+func file_app_metrics_config_proto_init() {
+	if File_app_metrics_config_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_app_metrics_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Config); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_app_metrics_config_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_app_metrics_config_proto_goTypes,
+		DependencyIndexes: file_app_metrics_config_proto_depIdxs,
+		MessageInfos:      file_app_metrics_config_proto_msgTypes,
+	}.Build()
+	File_app_metrics_config_proto = out.File
+	file_app_metrics_config_proto_rawDesc = nil
+	file_app_metrics_config_proto_goTypes = nil
+	file_app_metrics_config_proto_depIdxs = nil
+}

app/metrics/config.proto

@@ -0,0 +1,13 @@
+syntax = "proto3";
+
+package xray.app.metrics;
+option csharp_namespace = "Xray.App.Metrics";
+option go_package = "github.com/xtls/xray-core/app/metrics";
+option java_package = "com.xray.app.metrics";
+option java_multiple_files = true;
+
+// Config is the settings for metrics.
+message Config {
+  // Tag of the outbound handler that handles metrics http connections.
+  string tag = 1;
+}

app/metrics/errors.generated.go

@@ -0,0 +1,9 @@
+package metrics
+
+import "github.com/xtls/xray-core/common/errors"
+
+type errPathObjHolder struct{}
+
+func newError(values ...interface{}) *errors.Error {
+	return errors.New(values...).WithPathObj(errPathObjHolder{})
+}

app/metrics/metrics.go

@@ -0,0 +1,118 @@
+package metrics
+
+import (
+	"context"
+	"expvar"
+	"net/http"
+	_ "net/http/pprof"
+	"strings"
+
+	"github.com/xtls/xray-core/app/observatory"
+	"github.com/xtls/xray-core/app/stats"
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/signal/done"
+	"github.com/xtls/xray-core/core"
+	"github.com/xtls/xray-core/features/extension"
+	"github.com/xtls/xray-core/features/outbound"
+	feature_stats "github.com/xtls/xray-core/features/stats"
+)
+
+type MetricsHandler struct {
+	ohm          outbound.Manager
+	statsManager feature_stats.Manager
+	observatory  extension.Observatory
+	tag          string
+}
+
+// NewMetricsHandler creates a new MetricsHandler based on the given config.
+func NewMetricsHandler(ctx context.Context, config *Config) (*MetricsHandler, error) {
+	c := &MetricsHandler{
+		tag: config.Tag,
+	}
+	common.Must(core.RequireFeatures(ctx, func(om outbound.Manager, sm feature_stats.Manager) {
+		c.statsManager = sm
+		c.ohm = om
+	}))
+	expvar.Publish("stats", expvar.Func(func() interface{} {
+		manager, ok := c.statsManager.(*stats.Manager)
+		if !ok {
+			return nil
+		}
+		resp := map[string]map[string]map[string]int64{
+			"inbound":  {},
+			"outbound": {},
+			"user":     {},
+		}
+		manager.VisitCounters(func(name string, counter feature_stats.Counter) bool {
+			nameSplit := strings.Split(name, ">>>")
+			typeName, tagOrUser, direction := nameSplit[0], nameSplit[1], nameSplit[3]
+			if item, found := resp[typeName][tagOrUser]; found {
+				item[direction] = counter.Value()
+			} else {
+				resp[typeName][tagOrUser] = map[string]int64{
+					direction: counter.Value(),
+				}
+			}
+			return true
+		})
+		return resp
+	}))
+	expvar.Publish("observatory", expvar.Func(func() interface{} {
+		if c.observatory == nil {
+			common.Must(core.RequireFeatures(ctx, func(observatory extension.Observatory) error {
+				c.observatory = observatory
+				return nil
+			}))
+			if c.observatory == nil {
+				return nil
+			}
+		}
+		resp := map[string]*observatory.OutboundStatus{}
+		if o, err := c.observatory.GetObservation(context.Background()); err != nil {
+			return err
+		} else {
+			for _, x := range o.(*observatory.ObservationResult).GetStatus() {
+				resp[x.OutboundTag] = x
+			}
+		}
+		return resp
+	}))
+	return c, nil
+}
+
+func (p *MetricsHandler) Type() interface{} {
+	return (*MetricsHandler)(nil)
+}
+
+func (p *MetricsHandler) Start() error {
+	listener := &OutboundListener{
+		buffer: make(chan net.Conn, 4),
+		done:   done.New(),
+	}
+
+	go func() {
+		if err := http.Serve(listener, http.DefaultServeMux); err != nil {
+			newError("failed to start metrics server").Base(err).AtError().WriteToLog()
+		}
+	}()
+
+	if err := p.ohm.RemoveHandler(context.Background(), p.tag); err != nil {
+		newError("failed to remove existing handler").WriteToLog()
+	}
+
+	return p.ohm.AddHandler(context.Background(), &Outbound{
+		tag:      p.tag,
+		listener: listener,
+	})
+}
+
+func (p *MetricsHandler) Close() error {
+	return nil
+}
+
+func init() {
+	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, cfg interface{}) (interface{}, error) {
+		return NewMetricsHandler(ctx, cfg.(*Config))
+	}))
+}

app/metrics/outbound.go

@@ -0,0 +1,109 @@
+package metrics
+
+import (
+	"context"
+	"sync"
+
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/net/cnc"
+	"github.com/xtls/xray-core/common/signal/done"
+	"github.com/xtls/xray-core/transport"
+)
+
+// OutboundListener is a net.Listener for listening metrics http connections.
+type OutboundListener struct {
+	buffer chan net.Conn
+	done   *done.Instance
+}
+
+func (l *OutboundListener) add(conn net.Conn) {
+	select {
+	case l.buffer <- conn:
+	case <-l.done.Wait():
+		conn.Close()
+	default:
+		conn.Close()
+	}
+}
+
+// Accept implements net.Listener.
+func (l *OutboundListener) Accept() (net.Conn, error) {
+	select {
+	case <-l.done.Wait():
+		return nil, newError("listen closed")
+	case c := <-l.buffer:
+		return c, nil
+	}
+}
+
+// Close implement net.Listener.
+func (l *OutboundListener) Close() error {
+	common.Must(l.done.Close())
+L:
+	for {
+		select {
+		case c := <-l.buffer:
+			c.Close()
+		default:
+			break L
+		}
+	}
+	return nil
+}
+
+// Addr implements net.Listener.
+func (l *OutboundListener) Addr() net.Addr {
+	return &net.TCPAddr{
+		IP:   net.IP{0, 0, 0, 0},
+		Port: 0,
+	}
+}
+
+// Outbound is an outbound.Handler that handles metrics http connections.
+type Outbound struct {
+	tag      string
+	listener *OutboundListener
+	access   sync.RWMutex
+	closed   bool
+}
+
+// Dispatch implements outbound.Handler.
+func (co *Outbound) Dispatch(ctx context.Context, link *transport.Link) {
+	co.access.RLock()
+
+	if co.closed {
+		common.Interrupt(link.Reader)
+		common.Interrupt(link.Writer)
+		co.access.RUnlock()
+		return
+	}
+
+	closeSignal := done.New()
+	c := cnc.NewConnection(cnc.ConnectionInputMulti(link.Writer), cnc.ConnectionOutputMulti(link.Reader), cnc.ConnectionOnClose(closeSignal))
+	co.listener.add(c)
+	co.access.RUnlock()
+	<-closeSignal.Wait()
+}
+
+// Tag implements outbound.Handler.
+func (co *Outbound) Tag() string {
+	return co.tag
+}
+
+// Start implements common.Runnable.
+func (co *Outbound) Start() error {
+	co.access.Lock()
+	co.closed = false
+	co.access.Unlock()
+	return nil
+}
+
+// Close implements common.Closable.
+func (co *Outbound) Close() error {
+	co.access.Lock()
+	defer co.access.Unlock()
+
+	co.closed = true
+	return co.listener.Close()
+}

app/observatory/command/command.go

@@ -6,12 +6,11 @@ package command
 import (
 	"context"
 
-	"google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/app/observatory"
 	"github.com/xtls/xray-core/common"
 	core "github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/extension"
+	"google.golang.org/grpc"
 )
 
 type service struct {

app/observatory/command/command.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/observatory/command/command.proto
 

app/observatory/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/observatory/config.proto
 
@@ -73,23 +73,23 @@ type OutboundStatus struct {
 	unknownFields protoimpl.UnknownFields
 
 	// @Document Whether this outbound is usable
-	//@Restriction ReadOnlyForUser
+	// @Restriction ReadOnlyForUser
 	Alive bool `protobuf:"varint,1,opt,name=alive,proto3" json:"alive,omitempty"`
 	// @Document The time for probe request to finish.
-	//@Type time.ms
-	//@Restriction ReadOnlyForUser
+	// @Type time.ms
+	// @Restriction ReadOnlyForUser
 	Delay int64 `protobuf:"varint,2,opt,name=delay,proto3" json:"delay,omitempty"`
 	// @Document The last error caused this outbound failed to relay probe request
-	//@Restriction NotMachineReadable
+	// @Restriction NotMachineReadable
 	LastErrorReason string `protobuf:"bytes,3,opt,name=last_error_reason,json=lastErrorReason,proto3" json:"last_error_reason,omitempty"`
 	// @Document The outbound tag for this Server
-	//@Type id.outboundTag
+	// @Type id.outboundTag
 	OutboundTag string `protobuf:"bytes,4,opt,name=outbound_tag,json=outboundTag,proto3" json:"outbound_tag,omitempty"`
 	// @Document The time this outbound is known to be alive
-	//@Type id.outboundTag
+	// @Type id.outboundTag
 	LastSeenTime int64 `protobuf:"varint,5,opt,name=last_seen_time,json=lastSeenTime,proto3" json:"last_seen_time,omitempty"`
 	// @Document The time this outbound is tried
-	//@Type id.outboundTag
+	// @Type id.outboundTag
 	LastTryTime int64 `protobuf:"varint,6,opt,name=last_try_time,json=lastTryTime,proto3" json:"last_try_time,omitempty"`
 }
 
@@ -173,14 +173,14 @@ type ProbeResult struct {
 	unknownFields protoimpl.UnknownFields
 
 	// @Document Whether this outbound is usable
-	//@Restriction ReadOnlyForUser
+	// @Restriction ReadOnlyForUser
 	Alive bool `protobuf:"varint,1,opt,name=alive,proto3" json:"alive,omitempty"`
 	// @Document The time for probe request to finish.
-	//@Type time.ms
-	//@Restriction ReadOnlyForUser
+	// @Type time.ms
+	// @Restriction ReadOnlyForUser
 	Delay int64 `protobuf:"varint,2,opt,name=delay,proto3" json:"delay,omitempty"`
 	// @Document The error caused this outbound failed to relay probe request
-	//@Restriction NotMachineReadable
+	// @Restriction NotMachineReadable
 	LastErrorReason string `protobuf:"bytes,3,opt,name=last_error_reason,json=lastErrorReason,proto3" json:"last_error_reason,omitempty"`
 }
 
@@ -243,7 +243,7 @@ type Intensity struct {
 	unknownFields protoimpl.UnknownFields
 
 	// @Document The time interval for a probe request in ms.
-	//@Type time.ms
+	// @Type time.ms
 	ProbeInterval uint32 `protobuf:"varint,1,opt,name=probe_interval,json=probeInterval,proto3" json:"probe_interval,omitempty"`
 }
 

app/observatory/observer.go

@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/common"
 	v2net "github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/session"

app/policy/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/policy/config.proto
 

app/proxyman/command/command.go

@@ -3,13 +3,12 @@ package command
 import (
 	"context"
 
-	grpc "google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/inbound"
 	"github.com/xtls/xray-core/features/outbound"
 	"github.com/xtls/xray-core/proxy"
+	grpc "google.golang.org/grpc"
 )
 
 // InboundOperation is the interface for operations that applies to inbound handlers.

app/proxyman/command/command.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/proxyman/command/command.proto
 

app/proxyman/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/proxyman/config.proto
 

app/proxyman/inbound/always.go

@@ -144,7 +144,6 @@ func NewAlwaysOnInboundHandler(ctx context.Context, tag string, receiverConfig *
 				}
 			}
 		}
-
 	}
 
 	return h, nil

app/proxyman/inbound/dynamic.go

@@ -87,7 +87,6 @@ func (h *DynamicInboundHandler) allocatePort() net.Port {
 			return port
 		}
 	}
-
 }
 
 func (h *DynamicInboundHandler) closeWorkers(workers []worker) {

app/proxyman/inbound/worker.go

@@ -108,9 +108,7 @@ func (w *tcpWorker) callback(conn stat.Connection) {
 		newError("connection ends").Base(err).WriteToLog(session.ExportIDToError(ctx))
 	}
 	cancel()
-	if err := conn.Close(); err != nil {
-		newError("failed to close connection").Base(err).WriteToLog(session.ExportIDToError(ctx))
-	}
+	conn.Close()
 }
 
 func (w *tcpWorker) Proxy() proxy.Inbound {

app/proxyman/outbound/handler.go

@@ -2,6 +2,9 @@ package outbound
 
 import (
 	"context"
+	"errors"
+	"io"
+	"os"
 
 	"github.com/xtls/xray-core/app/proxyman"
 	"github.com/xtls/xray-core/common"
@@ -141,7 +144,13 @@ func (h *Handler) Dispatch(ctx context.Context, link *transport.Link) {
 			common.Interrupt(link.Writer)
 		}
 	} else {
-		if err := h.proxy.Process(ctx, link, h); err != nil {
+		err := h.proxy.Process(ctx, link, h)
+		if err != nil {
+			if errors.Is(err, io.EOF) || errors.Is(err, io.ErrClosedPipe) || errors.Is(err, context.Canceled) {
+				err = nil
+			}
+		}
+		if err != nil {
 			// Ensure outbound ray is properly closed.
 			err := newError("failed to process outbound traffic").Base(err)
 			session.SubmitOutboundErrorToOriginator(ctx, err)
@@ -202,6 +211,10 @@ func (h *Handler) Dial(ctx context.Context, dest net.Destination) (stat.Connecti
 		}
 	}
 
+	if conn, err := h.getUoTConnection(ctx, dest); err != os.ErrInvalid {
+		return conn, err
+	}
+
 	conn, err := internet.Dial(ctx, dest, h.streamSettings)
 	return h.getStatCouterConnection(conn), err
 }

app/proxyman/outbound/uot.go

@@ -0,0 +1,23 @@
+package outbound
+
+import (
+	"context"
+	"os"
+
+	"github.com/sagernet/sing/common/uot"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/transport/internet"
+	"github.com/xtls/xray-core/transport/internet/stat"
+)
+
+func (h *Handler) getUoTConnection(ctx context.Context, dest net.Destination) (stat.Connection, error) {
+	if !dest.Address.Family().IsDomain() || dest.Address.Domain() != uot.UOTMagicAddress {
+		return nil, os.ErrInvalid
+	}
+	packetConn, err := internet.ListenSystemPacket(ctx, &net.UDPAddr{IP: net.AnyIP.IP(), Port: 0}, h.streamSettings.SocketSettings)
+	if err != nil {
+		return nil, newError("unable to listen socket").Base(err)
+	}
+	conn := uot.NewServerConn(packetConn)
+	return h.getStatCouterConnection(conn), nil
+}

app/reverse/bridge.go

@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/common/mux"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/session"

app/reverse/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/reverse/config.proto
 

app/reverse/portal.go

@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/mux"

app/router/balancing.go

@@ -44,6 +44,7 @@ func (b *Balancer) PickOutbound() (string, error) {
 	}
 	return tag, nil
 }
+
 func (b *Balancer) InjectContext(ctx context.Context) {
 	if contextReceiver, ok := b.strategy.(extension.ContextReceiver); ok {
 		contextReceiver.InjectContext(ctx)

app/router/command/command.go

@@ -6,12 +6,11 @@ import (
 	"context"
 	"time"
 
-	"google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/core"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/features/stats"
+	"google.golang.org/grpc"
 )
 
 // routingServer is an implementation of RoutingService.

app/router/command/command.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/router/command/command.proto
 
@@ -163,18 +163,19 @@ func (x *RoutingContext) GetOutboundTag() string {
 // opened by xray-core.
 // * FieldSelectors selects a subset of fields in routing statistics to return.
 // Valid selectors:
-//  - inbound: Selects connection's inbound tag.
-//  - network: Selects connection's network.
-//  - ip: Equivalent as "ip_source" and "ip_target", selects both source and
-//  target IP.
-//  - port: Equivalent as "port_source" and "port_target", selects both source
-//  and target port.
-//  - domain: Selects target domain.
-//  - protocol: Select connection's protocol.
-//  - user: Select connection's inbound user email.
-//  - attributes: Select connection's additional attributes.
-//  - outbound: Equivalent as "outbound" and "outbound_group", select both
-//  outbound tag and outbound group tags.
+//   - inbound: Selects connection's inbound tag.
+//   - network: Selects connection's network.
+//   - ip: Equivalent as "ip_source" and "ip_target", selects both source and
+//     target IP.
+//   - port: Equivalent as "port_source" and "port_target", selects both source
+//     and target port.
+//   - domain: Selects target domain.
+//   - protocol: Select connection's protocol.
+//   - user: Select connection's inbound user email.
+//   - attributes: Select connection's additional attributes.
+//   - outbound: Equivalent as "outbound" and "outbound_group", select both
+//     outbound tag and outbound group tags.
+//
 // * If FieldSelectors is left empty, all fields will be returned.
 type SubscribeRoutingStatsRequest struct {
 	state         protoimpl.MessageState

app/router/command/command_test.go

@@ -8,9 +8,6 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/test/bufconn"
-
 	"github.com/xtls/xray-core/app/router"
 	. "github.com/xtls/xray-core/app/router/command"
 	"github.com/xtls/xray-core/app/stats"
@@ -18,6 +15,8 @@ import (
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/features/routing"
 	"github.com/xtls/xray-core/testing/mocks"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/test/bufconn"
 )
 
 func TestServiceSubscribeRoutingStats(t *testing.T) {

app/router/condition.go

@@ -3,12 +3,11 @@ package router
 import (
 	"strings"
 
-	"go.starlark.net/starlark"
-	"go.starlark.net/syntax"
-
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/strmatcher"
 	"github.com/xtls/xray-core/features/routing"
+	"go.starlark.net/starlark"
+	"go.starlark.net/syntax"
 )
 
 type Condition interface {

app/router/condition_geoip_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/golang/protobuf/proto"
-
 	"github.com/xtls/xray-core/app/router"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/router/condition_test.go

@@ -7,7 +7,6 @@ import (
 	"testing"
 
 	"github.com/golang/protobuf/proto"
-
 	. "github.com/xtls/xray-core/app/router"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/errors"

app/router/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/router/config.proto
 
@@ -477,6 +477,7 @@ type RoutingRule struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to TargetTag:
+	//
 	//	*RoutingRule_Tag
 	//	*RoutingRule_BalancingTag
 	TargetTag isRoutingRule_TargetTag `protobuf_oneof:"target_tag"`
@@ -834,6 +835,7 @@ type Domain_Attribute struct {
 
 	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
 	// Types that are assignable to TypedValue:
+	//
 	//	*Domain_Attribute_BoolValue
 	//	*Domain_Attribute_IntValue
 	TypedValue isDomain_Attribute_TypedValue `protobuf_oneof:"typed_value"`

app/router/router_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/golang/mock/gomock"
-
 	. "github.com/xtls/xray-core/app/router"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"

app/router/strategy_leastping.go

@@ -45,7 +45,7 @@ func (l *LeastPingStrategy) PickOutbound(strings []string) string {
 		return selectedOutboundName
 	}
 
-	//No way to understand observeReport
+	// No way to understand observeReport
 	return ""
 }
 

app/stats/command/command.go

@@ -7,13 +7,12 @@ import (
 	"runtime"
 	"time"
 
-	grpc "google.golang.org/grpc"
-
 	"github.com/xtls/xray-core/app/stats"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/strmatcher"
 	"github.com/xtls/xray-core/core"
 	feature_stats "github.com/xtls/xray-core/features/stats"
+	grpc "google.golang.org/grpc"
 )
 
 // statsServer is an implementation of StatsService.

app/stats/command/command.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/stats/command/command.proto
 

app/stats/command/command_test.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-
 	"github.com/xtls/xray-core/app/stats"
 	. "github.com/xtls/xray-core/app/stats/command"
 	"github.com/xtls/xray-core/common"

app/stats/config.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: app/stats/config.proto
 

common/buf/buffer.go

@@ -18,10 +18,11 @@ var pool = bytespool.GetPool(Size)
 // the buffer into an internal buffer pool, in order to recreate a buffer more
 // quickly.
 type Buffer struct {
-	v     []byte
-	start int32
-	end   int32
-	UDP   *net.Destination
+	v         []byte
+	start     int32
+	end       int32
+	unmanaged bool
+	UDP       *net.Destination
 }
 
 // New creates a Buffer with 0 length and 8K capacity.
@@ -38,6 +39,7 @@ func New() *Buffer {
 	}
 }
 
+// NewExisted creates a managed, standard size Buffer with an existed bytearray
 func NewExisted(b []byte) *Buffer {
 	if cap(b) < Size {
 		panic("Invalid buffer")
@@ -54,6 +56,15 @@ func NewExisted(b []byte) *Buffer {
 	}
 }
 
+// FromBytes creates a Buffer with an existed bytearray
+func FromBytes(b []byte) *Buffer {
+	return &Buffer{
+		v:         b,
+		end:       int32(len(b)),
+		unmanaged: true,
+	}
+}
+
 // StackNew creates a new Buffer object on stack.
 // This method is for buffers that is released in the same function.
 func StackNew() Buffer {
@@ -71,7 +82,7 @@ func StackNew() Buffer {
 
 // Release recycles the buffer into an internal buffer pool.
 func (b *Buffer) Release() {
-	if b == nil || b.v == nil {
+	if b == nil || b.v == nil || b.unmanaged {
 		return
 	}
 
@@ -212,6 +223,28 @@ func (b *Buffer) WriteString(s string) (int, error) {
 	return b.Write([]byte(s))
 }
 
+// ReadByte implements io.ByteReader
+func (b *Buffer) ReadByte() (byte, error) {
+	if b.start == b.end {
+		return 0, io.EOF
+	}
+
+	nb := b.v[b.start]
+	b.start++
+	return nb, nil
+}
+
+// ReadBytes implements bufio.Reader.ReadBytes
+func (b *Buffer) ReadBytes(length int32) ([]byte, error) {
+	if b.end-b.start < length {
+		return nil, io.EOF
+	}
+
+	nb := b.v[b.start : b.start+length]
+	b.start += length
+	return nb, nil
+}
+
 // Read implements io.Reader.Read().
 func (b *Buffer) Read(data []byte) (int, error) {
 	if b.Len() == 0 {

common/buf/buffer_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 )

common/buf/copy.go

@@ -48,7 +48,7 @@ func (e readError) Error() string {
 	return e.error.Error()
 }
 
-func (e readError) Inner() error {
+func (e readError) Unwrap() error {
 	return e.error
 }
 
@@ -66,7 +66,7 @@ func (e writeError) Error() string {
 	return e.error.Error()
 }
 
-func (e writeError) Inner() error {
+func (e writeError) Unwrap() error {
 	return e.error
 }
 

common/buf/copy_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/golang/mock/gomock"
-
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/testing/mocks"

common/buf/multi_buffer.go

@@ -203,6 +203,19 @@ func SplitSize(mb MultiBuffer, size int32) (MultiBuffer, MultiBuffer) {
 	return mb, r
 }
 
+// SplitMulti splits the beginning of the MultiBuffer into first one, the index i and after into second one
+func SplitMulti(mb MultiBuffer, i int) (MultiBuffer, MultiBuffer) {
+	mb2 := make(MultiBuffer, 0, len(mb))
+	if i < len(mb) && i >= 0 {
+		mb2 = append(mb2, mb[i:]...)
+		for j := i; j < len(mb); j++ {
+			mb[j] = nil
+		}
+		mb = mb[:i]
+	}
+	return mb, mb2
+}
+
 // WriteMultiBuffer writes all buffers from the MultiBuffer to the Writer one by one, and return error if any, with leftover MultiBuffer.
 func WriteMultiBuffer(writer io.Writer, mb MultiBuffer) (MultiBuffer, error) {
 	for {

common/buf/multi_buffer_test.go

@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 )

common/buf/readv_test.go

@@ -9,11 +9,10 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"golang.org/x/sync/errgroup"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/testing/servers/tcp"
+	"golang.org/x/sync/errgroup"
 )
 
 func TestReadvReader(t *testing.T) {

common/buf/writer_test.go

@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/transport/pipe"

common/crypto/auth.go

@@ -2,8 +2,8 @@ package crypto
 
 import (
 	"crypto/cipher"
+	"crypto/rand"
 	"io"
-	"math/rand"
 
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
@@ -265,7 +265,8 @@ func (w *AuthenticationWriter) seal(b []byte) (*buf.Buffer, error) {
 		return nil, err
 	}
 	if paddingSize > 0 {
-		// With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
+		// These paddings will send in clear text.
+		// To avoid leakage of PRNG internal state, a cryptographically secure PRNG should be used.
 		paddingBytes := eb.Extend(paddingSize)
 		common.Must2(rand.Read(paddingBytes))
 	}

common/crypto/auth_test.go

@@ -9,7 +9,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	. "github.com/xtls/xray-core/common/crypto"

common/crypto/chacha20_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/crypto"
 )

common/errors/errors.go

@@ -2,7 +2,6 @@
 package errors // import "github.com/xtls/xray-core/common/errors"
 
 import (
-	"os"
 	"reflect"
 	"strings"
 
@@ -13,8 +12,8 @@ import (
 const trim = len("github.com/xtls/xray-core/")
 
 type hasInnerError interface {
-	// Inner returns the underlying error of this one.
-	Inner() error
+	// Unwrap returns the underlying error of this one.
+	Unwrap() error
 }
 
 type hasSeverity interface {
@@ -72,8 +71,8 @@ func (err *Error) Error() string {
 	return builder.String()
 }
 
-// Inner implements hasInnerError.Inner()
-func (err *Error) Inner() error {
+// Unwrap implements hasInnerError.Unwrap()
+func (err *Error) Unwrap() error {
 	if err.inner == nil {
 		return nil
 	}
@@ -171,20 +170,10 @@ L:
 	for {
 		switch inner := err.(type) {
 		case hasInnerError:
-			if inner.Inner() == nil {
+			if inner.Unwrap() == nil {
 				break L
 			}
-			err = inner.Inner()
-		case *os.PathError:
-			if inner.Err == nil {
-				break L
-			}
-			err = inner.Err
-		case *os.SyscallError:
-			if inner.Err == nil {
-				break L
-			}
-			err = inner.Err
+			err = inner.Unwrap()
 		default:
 			break L
 		}

common/errors/errors_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/log"
 )

common/log/log.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/log/log.proto
 

common/log/log_test.go

@@ -4,7 +4,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 )

common/mux/client_test.go

@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/golang/mock/gomock"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/mux"

common/mux/mux_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	. "github.com/xtls/xray-core/common/mux"

common/net/address.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/net/address.proto
 
@@ -28,6 +28,7 @@ type IPOrDomain struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Address:
+	//
 	//	*IPOrDomain_Ip
 	//	*IPOrDomain_Domain
 	Address isIPOrDomain_Address `protobuf_oneof:"address"`

common/net/address_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/common/net"
 )
 

common/net/destination.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/net/destination.proto
 

common/net/destination_test.go

@@ -4,7 +4,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/common/net"
 )
 

common/net/network.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/net/network.proto
 

common/net/port.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/net/port.proto
 

common/ocsp/ocsp.go

@@ -8,9 +8,8 @@ import (
 	"net/http"
 	"os"
 
-	"golang.org/x/crypto/ocsp"
-
 	"github.com/xtls/xray-core/common/platform/filesystem"
+	"golang.org/x/crypto/ocsp"
 )
 
 func GetOCSPForFile(path string) ([]byte, error) {

common/protocol/address_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/net"

common/protocol/bittorrent/bittorrent.go

@@ -1,9 +1,13 @@
 package bittorrent
 
 import (
+	"encoding/binary"
 	"errors"
+	"math"
+	"time"
 
 	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/buf"
 )
 
 type SniffHeader struct{}
@@ -29,3 +33,58 @@ func SniffBittorrent(b []byte) (*SniffHeader, error) {
 
 	return nil, errNotBittorrent
 }
+
+func SniffUTP(b []byte) (*SniffHeader, error) {
+	if len(b) < 20 {
+		return nil, common.ErrNoClue
+	}
+
+	buffer := buf.FromBytes(b)
+
+	var typeAndVersion uint8
+
+	if binary.Read(buffer, binary.BigEndian, &typeAndVersion) != nil {
+		return nil, common.ErrNoClue
+	} else if b[0]>>4&0xF > 4 || b[0]&0xF != 1 {
+		return nil, errNotBittorrent
+	}
+
+	var extension uint8
+
+	if binary.Read(buffer, binary.BigEndian, &extension) != nil {
+		return nil, common.ErrNoClue
+	} else if extension != 0 && extension != 1 {
+		return nil, errNotBittorrent
+	}
+
+	for extension != 0 {
+		if extension != 1 {
+			return nil, errNotBittorrent
+		}
+		if binary.Read(buffer, binary.BigEndian, &extension) != nil {
+			return nil, common.ErrNoClue
+		}
+
+		var length uint8
+		if err := binary.Read(buffer, binary.BigEndian, &length); err != nil {
+			return nil, common.ErrNoClue
+		}
+		if common.Error2(buffer.ReadBytes(int32(length))) != nil {
+			return nil, common.ErrNoClue
+		}
+	}
+
+	if common.Error2(buffer.ReadBytes(2)) != nil {
+		return nil, common.ErrNoClue
+	}
+
+	var timestamp uint32
+	if err := binary.Read(buffer, binary.BigEndian, &timestamp); err != nil {
+		return nil, common.ErrNoClue
+	}
+	if math.Abs(float64(time.Now().UnixMicro()-int64(timestamp))) > float64(24*time.Hour) {
+		return nil, errNotBittorrent
+	}
+
+	return &SniffHeader{}, nil
+}

common/protocol/dns/io.go

@@ -4,11 +4,10 @@ import (
 	"encoding/binary"
 	"sync"
 
-	"golang.org/x/net/dns/dnsmessage"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/serial"
+	"golang.org/x/net/dns/dnsmessage"
 )
 
 func PackMessage(msg *dnsmessage.Message) (*buf.Buffer, error) {

common/protocol/headers.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/protocol/headers.proto
 

common/protocol/http/headers_test.go

@@ -7,7 +7,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/net"
 	. "github.com/xtls/xray-core/common/protocol/http"

common/protocol/quic/qtls_go118.go

@@ -0,0 +1,16 @@
+package quic
+
+import (
+	"crypto/cipher"
+
+	"github.com/marten-seemann/qtls-go1-18"
+)
+
+type (
+	// A CipherSuiteTLS13 is a cipher suite for TLS 1.3
+	CipherSuiteTLS13 = qtls.CipherSuiteTLS13
+)
+
+func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD {
+	return qtls.AEADAESGCMTLS13(key, fixedNonce)
+}

common/protocol/quic/sniff.go

@@ -0,0 +1,207 @@
+package quic
+
+import (
+	"crypto"
+	"crypto/aes"
+	"crypto/tls"
+	"encoding/binary"
+	"io"
+
+	"github.com/lucas-clemente/quic-go/quicvarint"
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/buf"
+	"github.com/xtls/xray-core/common/errors"
+	ptls "github.com/xtls/xray-core/common/protocol/tls"
+	"golang.org/x/crypto/hkdf"
+)
+
+type SniffHeader struct {
+	domain string
+}
+
+func (s SniffHeader) Protocol() string {
+	return "quic"
+}
+
+func (s SniffHeader) Domain() string {
+	return s.domain
+}
+
+const (
+	versionDraft29 uint32 = 0xff00001d
+	version1       uint32 = 0x1
+)
+
+var (
+	quicSaltOld  = []byte{0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99}
+	quicSalt     = []byte{0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a}
+	initialSuite = &CipherSuiteTLS13{
+		ID:     tls.TLS_AES_128_GCM_SHA256,
+		KeyLen: 16,
+		AEAD:   AEADAESGCMTLS13,
+		Hash:   crypto.SHA256,
+	}
+	errNotQuic        = errors.New("not quic")
+	errNotQuicInitial = errors.New("not initial packet")
+)
+
+func SniffQUIC(b []byte) (*SniffHeader, error) {
+	buffer := buf.FromBytes(b)
+	typeByte, err := buffer.ReadByte()
+	if err != nil {
+		return nil, errNotQuic
+	}
+	isLongHeader := typeByte&0x80 > 0
+	if !isLongHeader || typeByte&0x40 == 0 {
+		return nil, errNotQuicInitial
+	}
+
+	vb, err := buffer.ReadBytes(4)
+	if err != nil {
+		return nil, errNotQuic
+	}
+
+	versionNumber := binary.BigEndian.Uint32(vb)
+
+	if versionNumber != 0 && typeByte&0x40 == 0 {
+		return nil, errNotQuic
+	} else if versionNumber != versionDraft29 && versionNumber != version1 {
+		return nil, errNotQuic
+	}
+
+	if (typeByte&0x30)>>4 != 0x0 {
+		return nil, errNotQuicInitial
+	}
+
+	var destConnID []byte
+	if l, err := buffer.ReadByte(); err != nil {
+		return nil, errNotQuic
+	} else if destConnID, err = buffer.ReadBytes(int32(l)); err != nil {
+		return nil, errNotQuic
+	}
+
+	if l, err := buffer.ReadByte(); err != nil {
+		return nil, errNotQuic
+	} else if common.Error2(buffer.ReadBytes(int32(l))) != nil {
+		return nil, errNotQuic
+	}
+
+	tokenLen, err := quicvarint.Read(buffer)
+	if err != nil || tokenLen > uint64(len(b)) {
+		return nil, errNotQuic
+	}
+
+	if _, err = buffer.ReadBytes(int32(tokenLen)); err != nil {
+		return nil, errNotQuic
+	}
+
+	packetLen, err := quicvarint.Read(buffer)
+	if err != nil {
+		return nil, errNotQuic
+	}
+
+	hdrLen := len(b) - int(buffer.Len())
+
+	origPNBytes := make([]byte, 4)
+	copy(origPNBytes, b[hdrLen:hdrLen+4])
+
+	var salt []byte
+	if versionNumber == version1 {
+		salt = quicSalt
+	} else {
+		salt = quicSaltOld
+	}
+	initialSecret := hkdf.Extract(crypto.SHA256.New, destConnID, salt)
+	secret := hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "client in", crypto.SHA256.Size())
+	hpKey := hkdfExpandLabel(initialSuite.Hash, secret, []byte{}, "quic hp", initialSuite.KeyLen)
+	block, err := aes.NewCipher(hpKey)
+	if err != nil {
+		return nil, err
+	}
+
+	cache := buf.New()
+	defer cache.Release()
+
+	mask := cache.Extend(int32(block.BlockSize()))
+	block.Encrypt(mask, b[hdrLen+4:hdrLen+4+16])
+	b[0] ^= mask[0] & 0xf
+	for i := range b[hdrLen : hdrLen+4] {
+		b[hdrLen+i] ^= mask[i+1]
+	}
+	packetNumberLength := b[0]&0x3 + 1
+	if packetNumberLength != 1 {
+		return nil, errNotQuicInitial
+	}
+	var packetNumber uint32
+	{
+		n, err := buffer.ReadByte()
+		if err != nil {
+			return nil, err
+		}
+		packetNumber = uint32(n)
+	}
+
+	if packetNumber != 0 {
+		return nil, errNotQuicInitial
+	}
+
+	extHdrLen := hdrLen + int(packetNumberLength)
+	copy(b[extHdrLen:hdrLen+4], origPNBytes[packetNumberLength:])
+	data := b[extHdrLen : int(packetLen)+hdrLen]
+
+	key := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16)
+	iv := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12)
+	cipher := AEADAESGCMTLS13(key, iv)
+	nonce := cache.Extend(int32(cipher.NonceSize()))
+	binary.BigEndian.PutUint64(nonce[len(nonce)-8:], uint64(packetNumber))
+	decrypted, err := cipher.Open(b[extHdrLen:extHdrLen], nonce, data, b[:extHdrLen])
+	if err != nil {
+		return nil, err
+	}
+	buffer = buf.FromBytes(decrypted)
+	frameType, err := buffer.ReadByte()
+	if err != nil {
+		return nil, io.ErrUnexpectedEOF
+	}
+	if frameType != 0x6 {
+		// not crypto frame
+		return &SniffHeader{domain: ""}, nil
+	}
+	if common.Error2(quicvarint.Read(buffer)) != nil {
+		return nil, io.ErrUnexpectedEOF
+	}
+	dataLen, err := quicvarint.Read(buffer)
+	if err != nil {
+		return nil, io.ErrUnexpectedEOF
+	}
+	if dataLen > uint64(buffer.Len()) {
+		return nil, io.ErrUnexpectedEOF
+	}
+	frameData, err := buffer.ReadBytes(int32(dataLen))
+	common.Must(err)
+	tlsHdr := &ptls.SniffHeader{}
+	err = ptls.ReadClientHello(frameData, tlsHdr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &SniffHeader{domain: tlsHdr.Domain()}, nil
+}
+
+func hkdfExpandLabel(hash crypto.Hash, secret, context []byte, label string, length int) []byte {
+	b := make([]byte, 3, 3+6+len(label)+1+len(context))
+	binary.BigEndian.PutUint16(b, uint16(length))
+	b[2] = uint8(6 + len(label))
+	b = append(b, []byte("tls13 ")...)
+	b = append(b, []byte(label)...)
+	b = b[:3+6+len(label)+1]
+	b[3+6+len(label)] = uint8(len(context))
+	b = append(b, context...)
+
+	out := make([]byte, length)
+	n, err := hkdf.Expand(hash.New, secret, b).Read(out)
+	if err != nil || n != length {
+		panic("quic: HKDF-Expand-Label invocation failed unexpectedly")
+	}
+	return out
+}

common/protocol/quic/sniff_test.go

@@ -0,0 +1,18 @@
+package quic_test
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/protocol/quic"
+)
+
+func TestSniffQUIC(t *testing.T) {
+	pkt, err := hex.DecodeString("cd0000000108f1fb7bcc78aa5e7203a8f86400421531fe825b19541876db6c55c38890cd73149d267a084afee6087304095417a3033df6a81bbb71d8512e7a3e16df1e277cae5df3182cb214b8fe982ba3fdffbaa9ffec474547d55945f0fddbeadfb0b5243890b2fa3da45169e2bd34ec04b2e29382f48d612b28432a559757504d158e9e505407a77dd34f4b60b8d3b555ee85aacd6648686802f4de25e7216b19e54c5f78e8a5963380c742d861306db4c16e4f7fc94957aa50b9578a0b61f1e406b2ad5f0cd3cd271c4d99476409797b0c3cb3efec256118912d4b7e4fd79d9cb9016b6e5eaa4f5e57b637b217755daf8968a4092bed0ed5413f5d04904b3a61e4064f9211b2629e5b52a89c7b19f37a713e41e27743ea6dfa736dfa1bb0a4b2bc8c8dc632c6ce963493a20c550e6fdb2475213665e9a85cfc394da9cec0cf41f0c8abed3fc83be5245b2b5aa5e825d29349f721d30774ef5bf965b540f3d8d98febe20956b1fc8fa047e10e7d2f921c9c6622389e02322e80621a1cf5264e245b7276966eb02932584e3f7038bd36aa908766ad3fb98344025dec18670d6db43a1c5daac00937fce7b7c7d61ff4e6efd01a2bdee0ee183108b926393df4f3d74bbcbb015f240e7e346b7d01c41111a401225ce3b095ab4623a5836169bf9599eeca79d1d2e9b2202b5960a09211e978058d6fc0484eff3e91ce4649a5e3ba15b906d334cf66e28d9ff575406e1ae1ac2febafd72870b6f5d58fc5fb949cb1f40feb7c1d9ce5e71b")
+	common.Must(err)
+	quicHdr, err := quic.SniffQUIC(pkt)
+	if err != nil || quicHdr.Domain() != "www.google.com" {
+		t.Error("failed")
+	}
+}

common/protocol/server_spec.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/protocol/server_spec.proto
 

common/protocol/user.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
+// 	protoc-gen-go v1.28.1
 // 	protoc        v3.18.0
 // source: common/protocol/user.proto
 

common/serial/serial_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	"github.com/xtls/xray-core/common/serial"

common/serial/string_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-
 	. "github.com/xtls/xray-core/common/serial"
 )